> Why would your firewall allow your IPv6 IoT devices to receive inbound connections from the internet?

It does not; the problem is with outbound connections.

> What's the difference between "IPv6 NAT" and a firewall when there's not likely to be any address overlap?

Outbound connections can be profiled by remote websites.
With NAT (well... port address translation, to be fair, so a single outgoing address), traffic can't be profiled as easily.
Imagine ISPs/ad providers having an easier time identifying you, your spouse, your kids, etc. (and the device, and so on, just by observing addresses).
With initial SLAAC it is even nicer, as the MAC address is included in the address... You can look up the device much more easily: just cross-reference the manufacturer database...
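
An added example, not part of the original post: a check an administrator can run over their own devices' addresses to see which ones use EUI-64 SLAAC and therefore carry the MAC address, as described above. The sample addresses are constructed and the function names are hypothetical.

```python
import ipaddress

def eui64_mac(addr: str):
    """Return the MAC embedded in an EUI-64 interface ID, or None.

    Heuristic: a randomized IID can contain ff:fe by chance (about 1 in 65536).
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]      # low 64 bits = interface ID
    if iid[3:5] != b"\xff\xfe":                       # EUI-64 inserts ff:fe mid-MAC
        return None
    # Undo the inverted universal/local bit, then drop the ff:fe filler.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Map each address to its embedded MAC (None when the IID is not EUI-64)."""
    return {a: eui64_mac(a) for a in addresses}

def same_device(a: str, b: str) -> bool:
    """True when two addresses, even in different prefixes, embed the same MAC."""
    mac = eui64_mac(a)
    return mac is not None and mac == eui64_mac(b)

# Constructed sample addresses (2001:db8::/32 is the documentation prefix).
SAMPLES = [
    "2001:db8:1:1:0211:22ff:fe33:4455",   # EUI-64 built from MAC 00:11:22:33:44:55
    "2001:db8:2:7:0211:22ff:fe33:4455",   # same device seen on another network
    "2001:db8:1:1:8c3a:91d2:4be0:17f6",   # randomized interface ID
]

if __name__ == "__main__":
    for addr, mac in audit(SAMPLES).items():
        print(addr, "->", mac or "no embedded MAC")
```

Devices that show an embedded MAC here are candidates for enabling temporary (RFC 8981) or stable opaque (RFC 7217) interface identifiers.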